Code Review / netvirt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Uncaught IAE in SNAT
[netvirt.git] / natservice / impl / src / main / java / org / opendaylight / netvirt / natservice / internal / ConntrackBasedSnatService.java
1 /*
2  * Copyright (c) 2017 Red Hat, Inc. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.netvirt.natservice.internal;
9
10 import com.google.common.base.Optional;
11 import java.math.BigInteger;
12 import java.util.ArrayList;
13 import java.util.List;
14 import org.apache.commons.lang3.tuple.ImmutablePair;
15 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
16 import org.opendaylight.genius.interfacemanager.interfaces.IInterfaceManager;
17 import org.opendaylight.genius.mdsalutil.ActionInfo;
18 import org.opendaylight.genius.mdsalutil.InstructionInfo;
19 import org.opendaylight.genius.mdsalutil.MatchInfo;
20 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
21 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
22 import org.opendaylight.genius.mdsalutil.NWUtil;
23 import org.opendaylight.genius.mdsalutil.NwConstants;
24 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack;
25 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction;
26 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadInPort;
27 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadMetadata;
28 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
29 import org.opendaylight.genius.mdsalutil.actions.ActionSetFieldEthernetSource;
30 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
31 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
32 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
33 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination;
34 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
35 import org.opendaylight.genius.mdsalutil.matches.MatchTunnelId;
36 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
37 import org.opendaylight.netvirt.fibmanager.api.IFibManager;
38 import org.opendaylight.netvirt.vpnmanager.api.IVpnFootprintService;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.itm.rpcs.rev160406.ItmRpcService;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.l3vpn.rev130911.vpn.instance.op.data.vpn.instance.op.data.entry.vpn.to.dpn.list.IpAddresses;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.Routers;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.routers.ExternalIps;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.external.subnets.Subnets;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.types.rev160517.IpPrefixOrAddress;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatFlags;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatRangePresent;
50 import org.slf4j.Logger;
51 import org.slf4j.LoggerFactory;
52
53 public abstract class ConntrackBasedSnatService extends AbstractSnatService {
54     private static final Logger LOG = LoggerFactory.getLogger(ConntrackBasedSnatService.class);
55
56     protected static final int TRACKED_NEW_CT_STATE = 0x21;
57     protected static final int TRACKED_NEW_CT_MASK = 0x21;
58     protected static final int SNAT_CT_STATE = 0x40;
59     protected static final int SNAT_CT_STATE_MASK = 0x40;
60     protected static final int DNAT_CT_STATE = 0x80;
61     protected static final int DNAT_CT_STATE_MASK = 0x80;
62
63     public ConntrackBasedSnatService(DataBroker dataBroker, IMdsalApiManager mdsalManager, ItmRpcService itmManager,
64                                      IdManagerService idManager, NAPTSwitchSelector naptSwitchSelector,
65                                      OdlInterfaceRpcService odlInterfaceRpcService,
66                                      IInterfaceManager interfaceManager, IVpnFootprintService vpnFootprintService,
67                                      IFibManager fibManager) {
68         super(dataBroker, mdsalManager, itmManager, odlInterfaceRpcService, idManager, naptSwitchSelector,
69                 interfaceManager, vpnFootprintService, fibManager);
70     }
71
72     @Override
73     protected void installSnatSpecificEntriesForNaptSwitch(Routers routers, BigInteger dpnId, int addOrRemove) {
74         LOG.info("installSnatSpecificEntriesForNaptSwitch: called for router {}",
75                 routers.getRouterName());
76         String routerName = routers.getRouterName();
77         Long routerId = NatUtil.getVpnId(getDataBroker(), routerName);
78         int elanId = NatUtil.getElanInstanceByName(routers.getNetworkId().getValue(), getDataBroker())
79                 .getElanTag().intValue();
80         if (routerId == NatConstants.INVALID_ID) {
81             LOG.error("InvalidRouterId: unable to installSnatSpecificEntriesForNaptSwitch on dpn {}", dpnId);
82             return;
83         }
84         /* Install Outbound NAT entries */
85
86         installSnatMissEntryForPrimrySwch(dpnId, routerId, elanId, addOrRemove);
87         installTerminatingServiceTblEntry(dpnId, routerId, elanId, addOrRemove);
88
89         String extGwMacAddress = NatUtil.getExtGwMacAddFromRouterName(getDataBroker(), routerName);
90         createOutboundTblTrackEntry(dpnId, routerId, extGwMacAddress, addOrRemove);
91         for (ExternalIps externalIp : routers.getExternalIps()) {
92             if (!NWUtil.isIpv4Address(externalIp.getIpAddress())) {
93                 // In this class we handle only IPv4 use-cases.
94                 continue;
95             }
96             //The logic now handle only one external IP per router, others if present will be ignored.
97             long extSubnetId = NatConstants.INVALID_ID;
98             if (addOrRemove == NwConstants.ADD_FLOW) {
99                 extSubnetId = NatUtil.getExternalSubnetVpnId(getDataBroker(), externalIp.getSubnetId());
100             }
101             createOutboundTblEntry(dpnId, routerId, externalIp.getIpAddress(), elanId, extGwMacAddress, addOrRemove);
102             installNaptPfibFlow(routers, dpnId, routerId, extSubnetId, addOrRemove);
103
104             //Install Inbound NAT entries
105             installInboundEntry(dpnId, routerId, externalIp.getIpAddress(), elanId, extSubnetId, addOrRemove);
106             installNaptPfibEntry(dpnId, routerId, addOrRemove);
107
108             String fibExternalIp = NatUtil.validateAndAddNetworkMask(externalIp.getIpAddress());
109             Optional<Subnets> externalSubnet = NatUtil.getOptionalExternalSubnets(dataBroker, externalIp.getSubnetId());
110             if (externalSubnet.isPresent()) {
111                 String externalVpn =  externalIp.getSubnetId().getValue();
112                 String vpnRd = NatUtil.getVpnRd(dataBroker, externalVpn);
113                 vpnFootprintService.updateVpnToDpnMapping(dpnId, externalVpn, vpnRd, null /* interfaceName*/,
114                         new ImmutablePair<>(IpAddresses.IpAddressSource.ExternalFixedIP, fibExternalIp),
115                         addOrRemove == NwConstants.ADD_FLOW);
116             }
117             break;
118         }
119     }
120
121     @Override
122     protected void installSnatSpecificEntriesForNonNaptSwitch(Routers routers, BigInteger dpnId, int addOrRemove) {
123         // Nothing to to do here.
124
125     }
126
127     protected void installSnatMissEntryForPrimrySwch(BigInteger dpnId, Long routerId, int elanId, int addOrRemove) {
128         LOG.info("installSnatSpecificEntriesForNaptSwitch : called for the primary NAPT switch dpnId {}", dpnId);
129         List<MatchInfo> matches = new ArrayList<>();
130         matches.add(MatchEthernetType.IPV4);
131         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
132         List<InstructionInfo> instructions = new ArrayList<>();
133         List<ActionInfo> actionsInfos = new ArrayList<>();
134         List<NxCtAction> ctActionsList = new ArrayList<>();
135         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
136         ctActionsList.add(nxCtAction);
137         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId,
138                 NwConstants.OUTBOUND_NAPT_TABLE,ctActionsList);
139
140         actionsInfos.add(actionNxConntrack);
141         instructions.add(new InstructionApplyActions(actionsInfos));
142
143         String flowRef = getFlowRef(dpnId, NwConstants.PSNAT_TABLE, routerId);
144         syncFlow(dpnId, NwConstants.PSNAT_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
145                 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
146     }
147
148     protected void installTerminatingServiceTblEntry(BigInteger dpnId, Long  routerId, int elanId, int addOrRemove) {
149         LOG.info("installTerminatingServiceTblEntry : creating entry for Terminating Service Table "
150                 + "for switch {}, routerId {}", dpnId, routerId);
151         List<MatchInfo> matches = new ArrayList<>();
152         matches.add(MatchEthernetType.IPV4);
153         matches.add(new MatchTunnelId(BigInteger.valueOf(routerId)));
154
155
156         List<ActionInfo> actionsInfos = new ArrayList<>();
157         List<NxCtAction> ctActionsList = new ArrayList<>();
158         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
159         ctActionsList.add(nxCtAction);
160         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
161                 .OUTBOUND_NAPT_TABLE,ctActionsList);
162         ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
163                 .getVpnIdMetadata(routerId.longValue()), LOAD_START, LOAD_END);
164         actionsInfos.add(actionLoadMeta);
165         actionsInfos.add(actionNxConntrack);
166         List<InstructionInfo> instructions = new ArrayList<>();
167         instructions.add(new InstructionApplyActions(actionsInfos));
168         String flowRef = getFlowRef(dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, routerId.longValue());
169         syncFlow(dpnId,  NwConstants.INTERNAL_TUNNEL_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
170                  NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
171
172     }
173
174     protected void createOutboundTblTrackEntry(BigInteger dpnId, Long routerId, String extGwMacAddress,
175             int addOrRemove) {
176         LOG.info("createOutboundTblTrackEntry : called for switch {}, routerId {}", dpnId, routerId);
177         List<MatchInfoBase> matches = new ArrayList<>();
178         matches.add(MatchEthernetType.IPV4);
179         matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
180         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
181         ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
182         if (addOrRemove == NwConstants.ADD_FLOW) {
183             listActionInfo.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
184         }
185         ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
186         listActionInfo.add(new ActionNxResubmit(NwConstants.NAPT_PFIB_TABLE));
187         instructionInfo.add(new InstructionApplyActions(listActionInfo));
188
189         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
190         flowRef += "trkest";
191         syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY, flowRef,
192                 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);
193
194     }
195
196     protected void createOutboundTblEntry(BigInteger dpnId, long routerId, String externalIp,
197             int elanId, String extGwMacAddress,  int addOrRemove) {
198         LOG.info("createOutboundTblEntry : dpId {} and routerId {}", dpnId, routerId);
199         List<MatchInfoBase> matches = new ArrayList<>();
200         matches.add(MatchEthernetType.IPV4);
201         matches.add(new NxMatchCtState(TRACKED_NEW_CT_STATE, TRACKED_NEW_CT_MASK));
202         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
203         List<ActionInfo> actionsInfos = new ArrayList<>();
204         if (addOrRemove == NwConstants.ADD_FLOW) {
205             actionsInfos.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
206         }
207         List<NxCtAction> ctActionsListCommit = new ArrayList<>();
208         int rangePresent = NxActionNatRangePresent.NXNATRANGEIPV4MIN.getIntValue();
209         int flags = NxActionNatFlags.NXNATFSRC.getIntValue();
210         NxCtAction nxCtActionCommit = new ActionNxConntrack.NxNat(0, flags, rangePresent,
211                 new IpPrefixOrAddress(externalIp.toCharArray()).getIpAddress(),
212                 null,0, 0);
213         ctActionsListCommit.add(nxCtActionCommit);
214         int ctCommitFlag = 1;
215         ActionNxConntrack actionNxConntrackSubmit = new ActionNxConntrack(ctCommitFlag, 0, elanId,
216                 NwConstants.NAPT_PFIB_TABLE, ctActionsListCommit);
217         actionsInfos.add(actionNxConntrackSubmit);
218         List<InstructionInfo> instructions = new ArrayList<>();
219         instructions.add(new InstructionApplyActions(actionsInfos));
220         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
221         syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef,  NatConstants.SNAT_NEW_FLOW_PRIORITY,
222                 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
223     }
224
225     protected void installNaptPfibFlow(Routers routers, BigInteger dpnId, long routerId,
226             long extSubnetId, int addOrRemove) {
227         Long extNetId = NatUtil.getVpnId(getDataBroker(), routers.getNetworkId().getValue());
228         LOG.info("installNaptPfibFlow : dpId {}, extNetId {}", dpnId, extNetId);
229         List<MatchInfoBase> matches = new ArrayList<>();
230         matches.add(MatchEthernetType.IPV4);
231         matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
232         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
233         List<ActionInfo> listActionInfo = new ArrayList<>();
234         if (addOrRemove == NwConstants.ADD_FLOW) {
235             if (extSubnetId == NatConstants.INVALID_ID) {
236                 LOG.error("installNaptPfibFlow : external subnet id is invalid.");
237                 return;
238             }
239             ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
240                     .getVpnIdMetadata(extSubnetId), LOAD_START, LOAD_END);
241             listActionInfo.add(actionLoadMeta);
242         }
243         ArrayList<InstructionInfo> instructions = new ArrayList<>();
244         listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
245         listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
246         instructions.add(new InstructionApplyActions(listActionInfo));
247         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId);
248         flowRef = flowRef + "OUTBOUND";
249         syncFlow(dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY,
250                 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
251     }
252
253     protected void installInboundEntry(BigInteger dpnId, long routerId, String externalIp, int elanId, long extSubnetId,
254             int addOrRemove) {
255         LOG.info("installInboundEntry : dpId {} and routerId {}", dpnId, routerId);
256         List<MatchInfoBase> matches = new ArrayList<>();
257         matches.add(MatchEthernetType.IPV4);
258         matches.add(new MatchIpv4Destination(externalIp,"32"));
259         if (addOrRemove == NwConstants.ADD_FLOW) {
260             if (extSubnetId == NatConstants.INVALID_ID) {
261                 LOG.error("installInboundEntry : external subnet id is invalid.");
262                 return;
263             }
264             matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(extSubnetId),
265                     MetaDataUtil.METADATA_MASK_VRFID));
266         }
267         List<ActionInfo> actionsInfos = new ArrayList<>();
268         List<NxCtAction> ctActionsList = new ArrayList<>();
269         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
270         ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
271                 .getVpnIdMetadata(routerId), LOAD_START, LOAD_END);
272         actionsInfos.add(actionLoadMeta);
273         ctActionsList.add(nxCtAction);
274         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
275                 .NAPT_PFIB_TABLE,ctActionsList);
276
277         actionsInfos.add(actionNxConntrack);
278         List<InstructionInfo> instructions = new ArrayList<>();
279         instructions.add(new InstructionApplyActions(actionsInfos));
280         String flowRef = getFlowRef(dpnId, NwConstants.INBOUND_NAPT_TABLE, routerId);
281         flowRef = flowRef + "OUTBOUND";
282         syncFlow(dpnId, NwConstants.INBOUND_NAPT_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
283                 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
284     }
285
286     protected void installNaptPfibEntry(BigInteger dpnId, long routerId, int addOrRemove) {
287         LOG.info("installNaptPfibEntry : called for dpnId {} and routerId {} ", dpnId, routerId);
288         List<MatchInfoBase> matches = new ArrayList<>();
289         matches.add(MatchEthernetType.IPV4);
290         matches.add(new NxMatchCtState(DNAT_CT_STATE, DNAT_CT_STATE_MASK));
291         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
292
293         ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
294         ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
295         listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
296         listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
297         instructionInfo.add(new InstructionApplyActions(listActionInfo));
298
299
300         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId);
301         flowRef = flowRef + "INBOUND";
302         syncFlow(dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
303                 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);
304     }
305 }
NetVirt - Archived